Security
Enterprise-grade security. By design.
Your data is encrypted at rest and in transit. Every organisation is fully isolated at the database level. On-premise deployment keeps test data entirely within your network.
Security Principles
Protected at every layer
Application Layer
HTTPS-only access, no client-side secrets, content security policy headers, and server-side rendering to prevent exposure of sensitive data in the browser.
Data Layer
Row-level security enforced at the database level isolates every organisation. AES-256 encryption protects all data at rest. No cross-tenant access is possible — even by application code.
Authentication
Industry-standard JWT-based authentication with bcrypt password hashing, multi-factor authentication support, and OAuth 2.0 integration for Google and Microsoft sign-in.
Test Execution
The test worker can be deployed inside your own network as a containerised application. No inbound ports required. Test data, screenshots, and credentials never leave your infrastructure.
AI Processing
AI evaluation is performed via a zero-retention API — your data is processed to generate results but is never stored by the AI provider and is never used for model training.
File Storage
All uploaded files and generated reports are stored with server-side encryption. Access is controlled via time-limited signed URLs scoped to each organisation.
Encryption
Encrypted everywhere
Data at rest
AES-256 encryption across all databases, file storage, and session data.
Credentials and secrets
Encrypted with AES-256-GCM using per-deployment keys. Decrypted only at runtime within the secure execution environment.
Data in transit
TLS 1.2+ enforced on all connections — application traffic, real-time channels, and database connections.
API keys and secrets
Stored server-side only. Never exposed to the browser or included in client-side bundles.
Compliance
Frameworks and certifications
SOC 2 Type II
Infrastructure certified: Qualixir is built on SOC 2 Type II certified infrastructure. Application-level SOC 2 audit is planned as we scale.
GDPR
Designed for compliance: Data minimization by default. Right to deletion supported. Data processing agreements available for EU customers.
PIPEDA (Canada)
Compliant: Canadian data residency available. No cross-border data transfer for Canadian organisations. Consent-based data collection.
ISO 27001
Infrastructure certified: Our underlying infrastructure providers are ISO 27001 certified. Application-level certification is planned.
Multi-Tenancy
Complete data isolation
Every organisation's data is isolated at the database level using row-level security policies. Access control is enforced by the database engine itself — not just application logic. Even in a shared environment, one organisation cannot access another's data under any circumstances. For enterprise customers, dedicated infrastructure options are available.
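The row-level security described in the Data Layer and Multi-Tenancy sections above, shown as an added PostgreSQL example. This is not Qualixir's schema or code: the table `test_runs`, the role `app_user`, the session setting `app.current_org_id`, and the organisation UUIDs are all assumed for illustration. It shows the part of the design that makes isolation hold "at the database engine" rather than in application logic: the application's connection role does not own the table, RLS is forced so the owner is covered too, and a request that never sets its organisation sees and writes nothing.

```sql
-- Added example, not Qualixir's own schema. All names below are assumed.
-- Requires PostgreSQL; run as a superuser or the table owner.

CREATE TABLE test_runs (
    id      bigserial PRIMARY KEY,
    org_id  uuid NOT NULL,
    name    text NOT NULL
);

-- The application must connect as this role (or a member of it), never as
-- the table owner or a superuser: owners bypass RLS unless it is forced, and
-- superusers or roles with BYPASSRLS always bypass it.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON test_runs TO app_user;
GRANT USAGE, SELECT ON SEQUENCE test_runs_id_seq TO app_user;

ALTER TABLE test_runs ENABLE ROW LEVEL SECURITY;
ALTER TABLE test_runs FORCE ROW LEVEL SECURITY;  -- also applies to the owner

-- The tenant is taken from a per-transaction setting. The second argument
-- (missing_ok = true) makes current_setting() return NULL instead of raising
-- an error when the setting was never set, so the policy then matches no
-- rows at all: a request that forgets to set its tenant gets nothing.
CREATE POLICY org_isolation ON test_runs
    FOR ALL
    TO app_user
    USING      (org_id = current_setting('app.current_org_id', true)::uuid)
    WITH CHECK (org_id = current_setting('app.current_org_id', true)::uuid);

-- Per request, inside a transaction. SET LOCAL is discarded at COMMIT or
-- ROLLBACK, so a pooled connection cannot leak the tenant into the next request.
SET ROLE app_user;
BEGIN;
SET LOCAL app.current_org_id = '11111111-1111-1111-1111-111111111111';  -- constructed id
INSERT INTO test_runs (org_id, name)
    VALUES ('11111111-1111-1111-1111-111111111111', 'smoke');
-- Returns only this organisation's rows even though there is no WHERE clause.
SELECT id, org_id, name FROM test_runs;
COMMIT;

-- Cross-tenant write attempt for the same session: rejected by WITH CHECK with
-- "new row violates row-level security policy", and nothing is stored.
BEGIN;
SET LOCAL app.current_org_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO test_runs (org_id, name)
    VALUES ('22222222-2222-2222-2222-222222222222', 'other-tenant');
ROLLBACK;

-- No tenant set at all: the policy evaluates to NULL and zero rows come back.
SELECT count(*) FROM test_runs;
RESET ROLE;
```

In application code the setting is normally applied with `SELECT set_config('app.current_org_id', $1, true)` so the organisation id is passed as a bound parameter rather than interpolated into `SET LOCAL`. Two checks are worth keeping in a CI test: that the role the application connects with is neither a superuser nor `BYPASSRLS` and does not own the tables, and that a connection with no tenant set returns zero rows from every tenant-scoped table. Any role used for migrations or support tooling sits outside these policies by design and needs its own controls.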
Request Security Assessment